And of course, as with everything else, virtually all this new functionality is modular. Don't want the system call (or whatever)? Don't put it in your kernel.
Basically: you're wrong here. Cite the specific functionality you think is being shipped in an insecure way.
Just because the kernel does things wrong all over the place, it doesn't mean having too many syscalls specifically is not itself wrong.
>Cite the specific functionality you think is being shipped in an insecure way.
The whole Linux kernel. Complexity in privileged code is cancer.
For an example of how to do a kernel properly, refer to seL4.